- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
12-08-2022 08:52 AM
Dear and valuable Live Community Members,
One of our customers came to us with some questions about Azure Bootstrap Package, but I couldn't find the requested information for that.
We've checked the article where the steps to create new firewalls in Azure are explained (https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/bootstrap-the-vm-series-firewal...), but there are still some open points we need to address. And we would like to check if maybe someone here has some more experience on this and could help to answer the below questions:
*And in case it's needed the PAN-OS in use is 10.0.4
We will appreciate your help and guidance with the above queries. And please let me know if that'S something we should be asking the TAC.
Thank you in advance!
Cheers!
01-04-2023 08:10 AM
It's only need to for the first boot of the FW (Creation). For software Update you have 2 options :
- do the update from panorama (I would not recommends that)
- Change the Marketplace image version of the Scale set and reimage your vm, so your firewall will bootstrap again and you will have a fresh instance (you can also add new instance and delete the old one)
Yes Instances are independent, so any new instance will bootstrap from the storage account
Subdirectory is an input n the custom data (Azure), personally I'm using different storage account
01-05-2023 03:42 AM
We've involved the PA Team to advise on this and below are the answer supplied by TAC to the queries:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1. Is the Bootstrap packet only needed for the first boot or as well for later boots (e.g., during software updates?)
>> If you are going to reboot the device later, you can do it unusually with a software upgrade or content. Hence bootstrap package is not required for later boot.
2. In cases of virtual machine scale sets, does every new machine need to boot from the bootstrap directory?
>> Yes, All the firewalls in the scaling will boot from the bootstrap directory.
3. The customer is using subfolders (possible since version 10.*.) for different device groups.
How does the link between a booting VM and the subdirectory work,?
And how can we configure specific machines to use a specific subdirectory?
>> In the user data you can provide a subdirectory path to boot the device.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
As per the documentation: Bootstrap the VM-Series Firewall on AWS:
https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/bootstrap-the-vm-series-firewal...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!